From owner-freebsd-security Mon Apr 29 14:44:11 2002 Delivered-To: freebsd-security@freebsd.org Received: from microsoft.com (pa145.opole.cvx.ppp.tpnet.pl [213.76.4.145]) by hub.freebsd.org (Postfix) with SMTP id 6F0BF37B400 for ; Mon, 29 Apr 2002 14:44:03 -0700 (PDT) Received: (qmail 245 invoked by uid 1000); 29 Apr 2002 21:39:44 -0000 Date: Mon, 29 Apr 2002 23:39:44 +0200 From: Piotr Wiejaczka To: freebsd-security@FreeBSD.ORG Subject: syslogd security bug? Message-ID: <20020429233943.A213@microsoft.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-GEEKCODE-1: GCS d- s:- a19 C++++ UB+++>++++ P++++ L- E--- W- N++ o? K w-- X-GEEKCODE-2: O? M- V? PS+ PE++ Y PGP- t+ 5 X- R++ !tv b++@ DI- D+ X-GEEKCODE-3: G++ e* h! !r !y+ X-Echelon-Rulez: terrorism, uranium, kill the president, TNT, C4 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all. %uname -a FreeBSD localhost 4.5-STABLE FreeBSD 4.5-STABLE #1: Tue Mar 12 08:20:11 CET 2002 root@:/usr/src/sys/compile/OKO2 i386 %cat syslog.c #include #include int main(int argc, char *argv[]) { syslog(LOG_EMERG, argv[1]); } %./syslog "blah %x %x %x %x" Message from syslogd@localhost at Mon Apr 29 23:27:35 2002 ... localhost syslog: blah 2807aebe 2 bfbffc5c bfbffd26 Looks like we have a format string bug inside syslogd :) -- wiejak FidoNet: 2:484/2.76 mailto: wiejak alpha.net.pl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message